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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the amendment filed on June 29, 2005. Claims 1-22 
were originally received for consideration. Per the received amendment, claims 1,11, 
and 21 were amended. Claims 1-30 are currently being considered. 

Terminal Disclaimer 

2. The terminal disclaimer filed on June 29,2005 has been reviewed and is 
accepted, and therefore obviates the provisional double-patenting rejection over 
application No. 10/002,448. The terminal disclaimer has been recorded. 

Response to Arguments 

3. Applicant's arguments filed June 29, 2005 have been fully considered but they 
are not persuasive. 

Regarding independent claims 1,11, and 21 , the applicant argues that the CPA, Gong 
(U.S. Patent No. 6,047,377), does not teach "determining if a superclass permission of 
a required permission is present in each protection domain of an access control context, 
wherein the superclass permission is a super class of the required permission." This 
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argument is not found persuasive. The CPA discloses, ""if every associated protection 
domain contains a permission object that represents a permission encompassing the 
required permission, then the requested action is authorized" (column 19 lines 26-30). 
The permission encompassing the required permission, is interpreted as being the 
superclass of the required permission, since it is the higher level (encompassing) 
permission. Furthermore, the applicant argues that the CPA does not teach "adding the 
required permission to a permission collection if the superclass permission of the 
required permission is present in each protection domain of the access control context." 
This argument is not found persuasive. The CPA discloses a method that "adds a 
permission object to the set of permission objects contained in the PermissionCollection 
object" (column 12 lines 15-17). This PermissionCollection object is a superclass of the 
permission (column 12 lines 2-10), and therefore a required permission is added if the 
superclass is present in each protection domain of the access control context. 
Furthermore, the applicant argues that the CPA does not teach "granting access to the 
resource if the superclass permission of the required permission is present in each 
protection domain of the access control context." This argument is not found 
persuasive. The CPA discloses "if every associated protection domain contains a 
permission object that represents a permission encompassing the required permission, 
then the requested action is authorized" (polumn 19 lines 26-35). This encompassing 
permission is interpreted as the superclass permission since it is a higher level 
permission. Regarding claim 5-6, the applicant argues that the CPA does not teach 
"creating anew permission collection and adding the required permission to the new 
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permission collection" and "includes adding any subclass permissions of the required 
permission to the new permission collection." This argument is not found persuasive. 
The CPA discloses "when a new category of permissions is desired, a new subclass is 
created" (column 19 lines 36-38), which is creating a new permission collection. 
Furthermore, the CPA teaches "the particular rules or policy that govern whether the 
permissions granted a principal are encompassed by permission in the new category 
are implemented in the validation method of the new subclass representing permissions 
in the new subclass" (column 19 lines 38-43), which includes all the subset permissions 
according to the superclass permission. Regarding claim 9,19, and 29 the applicant 
argues that the CPA does not teach an "that the determining step and the adding step 
are performed by a method called by the required permission in response to an implies 
method operating on the required permission." This argument is not found persuasive. 
The implies method is well-known in Java, and functions as if a superclass permission 
is allowed, then its subset permissions are allowed. This is viewed as being analogous 
to the superclass being present in the protection domain of an access control context as 
disclosed in claim 1. The CPA discloses, ""if every associated protection domain 
contains a permission object that represents a permission encompassing the required 
permission, then the requested action is authorized" (column 19 lines 26-30). The 
permission encompassing the required permission, is interpreted as being the 
superclass of the required permission, since it is the higher level (encompassing) 
permission. 

The rejection for the claims are respectfully maintained as given below. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the Invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1-30 are rejected under 35 U.S.C. 102(b) as being anticipated by Gong 
(U.S. Patent 6,047,377). 

Regarding claim 1, Gong discloses: 

A method of controlling access to computer system resources based on 
permissions, comprising: 

' receiving a request for access to a computer system resource" (Figure 7 
item 750, column 6 lines 36-46, column 18 line 29 - column 19 line 36); 

' determining if a superclass permission of a required permission is present 
in each protection domain of an access control context, wherein the superclass 
permission is a superclass of the required permission 1 ' (column 6 lines 36-46, 
column 18 lines 29-45); 

' adding the required permission to a permission collection if the 
superclass permission of the required permission is present in each protection 
domain of the access control context 1 (column 17 lines 1-5, column 19 lines 37-43); 
and 
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'granting access to the resource if the superclass permission of the 
required permission is present in each protection domain of the access control 
context' (column 10 lines 59-67, column 19 lines 4-36). 

Claim 2 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses: 

The method of claim 1 , wherein "the request is received from the bytecode" 
(column 1 3 line 63 - column 1 4 line 6). 

Claim 3 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses: 
The method of claim 1 , further comprising: 

'determining the required permission based on a CodeSource associated 
with the request' (column 14 lines 28-36, column 15 lines 65-67); and 

"determining the superclass permission of the required permission based 
on the required permission" (column 6 lines 36-46, column 18 lines 29-45). 

Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Gong discloses; 

The method of claim 1 , wherein determining if a superclass permission of a 
required permission is present in each protection domain includes "determining if at 
least one permission collection in each protection domain includes the 
superclass permission" (column 6 lines 36-46, column 18 lines 29-45). 

Claim 5 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses: 
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The method of claim 1 , wherein adding the required permission to a permission 
collection includes "creating a new permission collection and adding the required 
permission to the new permission collection" (column 16 line 56 - column 17 line 
13). 

Claim 6 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses: 
The method of claim 5, wherein adding the required permission to a permission 
collection further includes "adding any subclass permissions of the required 
permission to the new permission collection" (column 16 line 56 - column 17 line 
13). 

Claim 7 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses; 

The method of claim 1 , further comprising "retrieving the access control 
context for a thread of execution that sent the request for access to the computer 
system resource" (column 17 lines 36-64). 

Claim 8 is rejected as applied above in rejecting claim 1 . Furthermore, Gong discloses: 
The method of claim 1 , wherein adding the required permission to a permission 
collection includes "adding the permission to a permission collection associated 
with the superclass permission" (column 16 line 56 - column 17 line 13). 

Claim 9 is rejected as applied above in rejecting claim 1 . Furthermore, Gone discloses: 
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The method of claim 1 , wherein the steps of determining if a superclass 
permission of a required permission is present in each protection domain of an access 
control context, and adding the required permission to a permission collection if the 
superclass permission of the required permission is present in each protection domain 
of an access control context are "performed by a method called by the required 
permission in response to an implied method operating on the required 
permission" (column 7 lines 30-45). 



Claim 10 is rejected as applied above in rejecting claim 3. Furthermore, Gong 
discloses: 

The method of claim 3, wherein the steps of determining the required permission 
based on a CodeSource associated with the request and determining the superclass 
permission of the required permission based on the required permission are 
"performed based on a security policy file" (Figure 4 item 444, column 1 3 lines 59 - 
65). 



6. Claims 1 1 - 20 are computer program product claims analogous to the method 
claims rejected above, and therefore, are rejected following the same reasoning. 



7. Claims 21-30 are apparatus claims analogous to the method claims rejected 
above, and therefore, are rejected following the same reasoning. 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 703- 
305-8892. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). C\jPj( 




KA 

09/17/2005 



